Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/3bnDZUsDXnEjZmLC2l6TNlR44q0.roa
File:                     3bnDZUsDXnEjZmLC2l6TNlR44q0.roa (raw, json)
Hash identifier:          wvyAIrwBTPizl931rTr7kAFeltcDxlBFhYT3hCElsC8=
Subject key identifier:   DD:B9:C3:65:4B:03:5E:71:23:66:62:C2:DA:5E:93:36:54:78:E2:AD
Certificate issuer:       /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial:       01969F13B2A0FE92925BC26DA7F1F6128E06
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/3bnDZUsDXnEjZmLC2l6TNlR44q0.roa
Signing time:             Mon 05 May 2025 06:13:10 +0000
ROA not before:           Mon 05 May 2025 06:13:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3273
IP address blocks:        212.22.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 06:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9f:13:b2:a0:fe:92:92:5b:c2:6d:a7:f1:f6:12:8e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
        Validity
            Not Before: May  5 06:13:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ddb9c3654b035e71236662c2da5e93365478e2ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e9:5f:1b:bc:6d:45:59:d7:42:12:0b:2d:98:
                    c6:70:ea:bf:b5:35:b2:3a:f1:47:9e:e0:28:79:7b:
                    1d:da:0e:99:76:1d:9f:9e:5a:80:0d:df:b1:07:be:
                    ef:94:16:d0:45:3a:86:0d:7a:43:a0:d9:36:cc:70:
                    60:b1:1a:f9:1c:b9:f5:95:73:2a:0a:d5:75:e1:84:
                    5a:7d:d3:da:c4:08:ed:9c:ad:21:1b:92:fa:c5:51:
                    75:20:cf:3a:92:de:2e:70:b5:cb:56:f4:73:e3:88:
                    e0:2b:55:24:da:77:b4:dd:cd:18:8d:67:1b:c1:95:
                    39:8f:d1:9a:25:a3:cd:a1:da:f7:be:28:88:42:7f:
                    56:22:f0:6a:e3:2d:e3:fd:55:8c:7e:00:63:36:56:
                    99:80:cd:b3:e8:1c:66:19:08:76:10:1a:94:61:71:
                    69:35:dc:b7:6f:8a:8a:22:84:ca:a9:e9:69:fc:94:
                    3c:5c:48:27:fa:2c:ea:98:e8:ee:3e:d8:ac:ec:50:
                    5f:60:57:32:86:0c:c3:b6:4f:63:5b:16:a5:c9:74:
                    0d:fd:03:4e:9a:be:a5:dd:8b:8f:ee:f1:c0:13:75:
                    c6:25:25:a0:c9:6c:e4:02:4c:3b:10:0d:9e:00:12:
                    10:0b:aa:e3:03:f4:4a:ed:01:36:d8:cd:4e:99:35:
                    78:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:B9:C3:65:4B:03:5E:71:23:66:62:C2:DA:5E:93:36:54:78:E2:AD
            X509v3 Authority Key Identifier:
                keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/3bnDZUsDXnEjZmLC2l6TNlR44q0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:fc:d8:95:11:f4:02:8f:f6:7f:33:2f:de:a7:ae:02:9b:ca:
         2f:23:1e:cc:14:1f:f7:2e:53:00:3d:dc:b3:7b:3a:6c:52:2b:
         a4:8e:44:34:5d:4c:6c:2b:c0:db:b3:b6:78:9f:58:50:43:84:
         dd:57:2a:c0:e6:cc:34:72:c5:87:a0:07:9a:e2:e9:54:a8:05:
         09:16:ba:7d:d4:27:20:c4:7a:4b:2a:f1:37:d1:0d:d2:14:d2:
         5b:2b:e7:13:db:d3:d3:f7:f5:c1:be:43:75:61:11:a1:e9:dc:
         38:06:fa:46:c3:2b:18:7a:ed:11:d0:c0:fc:27:2d:db:3e:5f:
         ec:91:96:9d:33:77:1a:c5:36:ef:76:6a:22:7c:13:02:2b:3d:
         14:43:bd:79:03:1d:9b:70:44:66:ff:63:67:52:cd:29:6c:87:
         08:96:29:05:f6:6c:48:0f:55:8c:f2:b2:20:f2:fa:07:91:bb:
         af:68:5a:a1:3e:2c:0c:fd:14:99:6d:de:3c:f0:80:cf:84:e3:
         bc:40:9b:49:c1:e2:02:9e:bb:18:94:43:7b:34:04:18:c3:c2:
         63:85:7a:8a:8a:eb:c9:57:b0:dc:5c:3b:df:f9:52:c5:b9:07:
         19:2c:c9:de:c4:9a:a6:99:45:41:d3:bf:93:fb:7a:47:fa:17:
         41:c4:32:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZafE7Kg/pKSW8Jtp/H2Eo4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjUwNTA1MDYxMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGI5YzM2NTRiMDM1ZTcxMjM2NjYyYzJkYTVlOTMzNjU0NzhlMmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApulfG7xtRVnXQhILLZjGcOq/tTWy
OvFHnuAoeXsd2g6Zdh2fnlqADd+xB77vlBbQRTqGDXpDoNk2zHBgsRr5HLn1lXMq
CtV14YRafdPaxAjtnK0hG5L6xVF1IM86kt4ucLXLVvRz44jgK1Uk2ne03c0YjWcb
wZU5j9GaJaPNodr3viiIQn9WIvBq4y3j/VWMfgBjNlaZgM2z6BxmGQh2EBqUYXFp
Ndy3b4qKIoTKqelp/JQ8XEgn+izqmOjuPtis7FBfYFcyhgzDtk9jWxalyXQN/QNO
mr6l3YuP7vHAE3XGJSWgyWzkAkw7EA2eABIQC6rjA/RK7QE22M1OmTV4qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN25w2VLA15xI2ZiwtpekzZUeOKtMB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvM2JuRFpVc0RYbkVqWm1MQzJsNlRObFI0NHEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BYgMA0G
CSqGSIb3DQEBCwUAA4IBAQAE/NiVEfQCj/Z/My/ep64Cm8ovIx7MFB/3LlMAPdyz
ezpsUiukjkQ0XUxsK8Dbs7Z4n1hQQ4TdVyrA5sw0csWHoAea4ulUqAUJFrp91Ccg
xHpLKvE30Q3SFNJbK+cT29PT9/XBvkN1YRGh6dw4BvpGwysYeu0R0MD8Jy3bPl/s
kZadM3caxTbvdmoifBMCKz0UQ715Ax2bcERm/2NnUs0pbIcIlikF9mxID1WM8rIg
8voHkbuvaFqhPiwM/RSZbd488IDPhOO8QJtJweICnrsYlEN7NAQYw8JjhXqKiuvJ
V7DcXDvf+VLFuQcZLMnexJqmmUVB07+T+3pH+hdBxDKK
-----END CERTIFICATE-----